diff options
| author |   Robert Collins <rbtcollins@hp.com> | 2014-07-20 08:03:33 +1200 |
|---|---|---|
| committer |   James Polley <jp@jamezpolley.com> | 2014-08-14 19:11:08 +1000 |
| commit | 0b306f003728555cc16e2c389e5006a55e22e0f9 (patch) | |
| tree | 6e52c6acdbebfd38612c5aacb150480c5e217e49 | |
| parent | ce07603125e7110e5f5889fe9eaef55adab346ab (diff) | |
Permit specifying VLAN mappings to overclouds.
To use a VLAN based public network we need the ext-net network to be a
VLAN with a segmentation id - but we can't do this unless we also have
the datacentre physical network marked as allowing vlans.
We could make this strictly opt-in, but as this doesn't affect the
switch configuration (and thus actual machine capabilities) having it
on by default seems reasonable. OTOH we can't force it on, because
high security environments may well want a defense in depth setup
where neutron admins cannot configure VLANs that they are not meant
to have access too (consider that the cloud machine admins may be
separate to the folk running the services on top of them...)
Change-Id: I9687751753f810896c6d065750910da40132c9fa
| -rw-r--r-- | overcloud-source.yaml | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/overcloud-source.yaml b/overcloud-source.yaml index 2d7f6b01..e9b7c7a1 100644 --- a/overcloud-source.yaml +++ b/overcloud-source.yaml @@ -115,6 +115,13 @@ parameters: scripts or be sure to keep 'datacentre' as a mapping network name. type: string default: "datacentre:br-ex" + NeutronNetworkVLANRanges: + default: 'datacentre' + description: | + The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the + Neutron documentation for permitted values. Defaults to permitting any + VLAN on the 'datacentre' physical network (See NeutronBridgeMappings). + type: string NeutronPassword: default: unset description: The password for the neutron service account, used by neutron agents. @@ -351,7 +358,8 @@ resources: NeutronEnableTunnelling: "True" NeutronFlatNetworks: get_param: NeutronFlatNetworks - NeutronNetworkVLANRanges: "" + NeutronNetworkVLANRanges: + get_param: NeutronNetworkVLANRanges NeutronPhysicalBridge: get_param: HypervisorNeutronPhysicalBridge NeutronPublicInterface: @@ -510,6 +518,7 @@ resources: enable_tunneling: 'True' local_ip: get_input: controller_host + network_vlan_ranges: {get_param: NeutronNetworkVLANRanges} bridge_mappings: {get_param: NeutronBridgeMappings} public_interface: get_param: NeutronPublicInterface |